Senior Infrastructure Engineer – IAM & Automation

100% Remote

This role will be responsible for the day‑to‑day administration, maintenance, support, and triage of Infrastructure escalations within the Platform Services function of IT. This role will require demonstrated experience in Identity and Access Management platforms and workflows, Power Shell and MS Graph, and a strong customer service orientation. Primary areas of responsibility include working directly in Okta and M365 for Identity and Access Management, automation authoring and maintenance tasks via Power Shell and/or MS Graph, and supporting the administration and configuration of our M365 tenant.

• Serve as the primary engineer and platform owner for the firm’s Identity & Access Management ecosystem, with emphasis on Okta, lifecycle workflows, and automation patterns.
• Triage incidents and calls. Independently analyze, solve, and correct issues in real time, providing problem resolution end‑to‑end.
• Manage and monitor Identity and Access controls through Okta and Entra/Active Directory.
• Create, support, and maintain Okta configurations to support access to business applications, Single Sign-On, SAML, SCIM, Multi‑Factor Authentication, and lifecycle management.
• Create, support, and maintain the configuration and enforcement of policies and settings using Conditional Access, including phishing‑resistant and device‑aware authentication, biometrics, and managed‑device enforcement for tier‑1 applications.
• Provide administration, technical support, and troubleshooting for application authentication, provisioning, lifecycle, and SSO setup requests or issues through Okta and M365.
• Create, support, and maintain automation scripts, Azure Automation runbooks, Fresh service workflows, and related processes for employee onboarding and offboarding, group and account management, and OU/Active Directory processes.
• Support onboarding, offboarding, and identity lifecycle workflows driven by UKG and other source systems, including integrations that pull and validate data from SQL databases and other structured data sources.
• Manage and monitor identity synchronization between Active Directory and Microsoft Entra , including sync rules, attribute mappings, scoping filters, exception handling, and AD extension attributes.
• Assist in the management of Active Directory and Entra .
• Support and maintain Netwrix Directory Manager and related technology platforms to enforce PAM and least privilege access.
• Support and maintain Microsoft Entra Privileged Identity Management (PIM), including role assignments, activation settings, approval workflows, and privileged access controls.
• Create, support, and maintain Microsoft Entra app registrations, enterprise applications, service principals, API permissions, client secret and certificate renewals, and related access controls.
• Establish and maintain standards for automation, scripting, documentation, reporting, monitoring, and change management within IAM and Automation.
• Collaborate closely with HR, Recruiting, Security, Infrastructure, User Support, application owners, and business partners, including Facilities, to support and improve identity and access workflows.
• Design and maintain end‑to‑end identity lifecycle processes (joiner, mover, leaver) across UKG/HRIS, Active Directory, Okta, M365, and key business applications.
• Provide day‑to‑day technical guidance and support for IAM and Automation processes.
• Ensure that system‑related documentation is maintained and kept up to date.
• Provide 24 x 7 support for critical production systems.
• Other duties as assigned.

Employees approved for flexible work arrangements are expected to be available and maintain a practice of reliable, consistent attendance during the employee’s scheduled work shift including, but not limited to, Teams/instant message, Zoom, email and voicemail, and by phone.

• Advanced/Expert Level of Power Shell script building and automation, including Azure Automation runbooks and MS Graph.
• 5+ Years supporting Okta or other IAM platforms.
• 5+ Years supporting M365 Administration (Entra, Teams, One Drive, Conditional Access).
• Strong experience supporting onboarding, offboarding, and automated…